Pages

Friday, 9 October 2015

Malwarebytes Removes Blog Posting About WinRAR Leak

Malwarebytes has removed a blog posting about a vulnerability in WinRAR, because the information posted was inaccurate. The anti-malware company then makes excuses to WinRAR. Recently gave an investigator a demonstration where he could take over via a malicious SFX archives computers.

WinRAR is a very popular program for packing and unpacking files. Besides the standard RAR archive, the software can also make a Self Able Extract (SFX) archives. In this case the archive file is unpacked automatically when the user opens the file, regardless of whether they have installed WinRAR or not. SFX archives are basically just exe files and consist of the packed file and the unpack module WinRAR.

The National Cyber ​​Security Center (NCSC), the government decided because of the vulnerability a warning to issue.Contrary to some media reports, the problem not only for users of WinRAR, but to all Windows users who receive a malicious SFX archives. According RARLAB, developer of WinRAR, users need to open exe files, be it a SFX archive or not, always be careful.

Malwarebytes is now proposing that the information in the blog posting was not well controlled. Which has subsequently proven to be wrong. The demonstrated attack was in fact not directed against WinRAR users. In addition, users must double-click the malware before it is activated. It also appears that the vulnerability that is used in the attack in November last year was patched by Microsoft. Malwarebytes gave new excuses to RARLAB and agreed to the blog posting about the vulnerability remove. However, the posting is still in the cache of Google to find.